• Anon (unregistered)

    Ugh, I remember these things.

    Back in the 2000s I was working on a military simulator which used iPaqs as a mobile instructor station, so that instructors could manipulate the scenario as they walked around watching what students were doing. It was a great idea, except...

    Apparently HP (or Compaq before them) hadn't heard of non-volatile storage. So if the battery on the thing went flat, all the software, configuration and history was wiped next time you turned it on. Yes, really. If you wanted to use these things for anything serious, you had to notice when the battery was nearly flat and go put them on a charger. Except...

    The whole system was classified. So you couldn't just leave the things sat out on a charger, they had to be either in the possession of someone with an appropriate clearance and need to possess them or locked in a cabinet approved by the relevant country's security services. Switching them off had the same effect as the battery going flat, so of course next time you grabbed them out of the cabinet, you'd have to reinstall all the software from scratch.

    As an interim workaround during development, on any day where the devices were to be used, someone had to arrive at around 4AM, put the things on a charger and then sit and watch them until they were charged. Once charged, they would install the latest software build on them, then put them back on the charger until other people were ready to use them. This was, shall we say, not a popular task. They were not allowed to leave the room for ANY reason unless they first got someone else suitably qualified to sign for receipt of the devices.

    I believe that, in the end, a team of about six people were tasked with the specification, design, procurement and qualification of a powered security cabinet with integrated iPaq chargers that met the relevant classification requirements.

  • P (unregistered)

    This is why you don't allow vendors to deviate from the established standard. Because they'll always come up with something much worse, and utterly broken.

  • The Mole (unregistered)

    So they still left the hole of all you need to do to log into some else's account is guess at a valid 'unique' id?

  • Bob (unregistered) in reply to The Mole

    Zero factor authentication, resolves the annoyance of needing to remember passwords or pins!

  • Chronomium (unregistered)

    the Dark Ages of mobile programming

    I'm fairly sure we're still in that age, just for different reasons.

  • Anon (unregistered) in reply to Anon

    At last, my question "How many military personnel does it to take to use an iPaq" has been answered!

  • Angela Anuszewski (google) in reply to Anon

    On the plus side, you don't need a sanitization procedure...

  • Brian Boorman (google) in reply to Angela Anuszewski

    I was thinking - Wait, isn't the room they have these (and the lock up GSA safe) itself a "closed container". Leave them charging and just set-the-alarm/spin-the-dial on the door when you leave the room to use the bathroom.

  • Wyrm (unregistered)

    Unique...

    • Each device gets a number that isn't the same as any other device. (normal use of the word, but obviously not the one HP used.)
    • There is only one number. Total. For all devices. This number would not be helpful, but indeed "unique" in a way.
  • Do Be (unregistered)

    Your unique device ID is 4 https://www.xkcd.com/221/

  • Klimax (unregistered) in reply to Anon

    Not surprising. NV storage that could fit there with useful capacity was quite expensive. (Generally NAND and NOR flashes were in MBs sizes (NOR flash BTW was quite interesting thing, because it supported byte addressing and thus there was option for XIP (Execution in-place) I had one and i was quite nice, pity I took model with GPS but no WiFi...

  • Red Five (unregistered)

    "Despite what Apple might have you believe, the iPhone wasn't the first portable computing device."

    Shoot, the iPhone wasn't even Apple's first portable computing device. Newton MessagePad, anyone?

  • LCrawford (unregistered)

    function HpGUID () { return Hash(guidCountSinceReboot); }

  • Smash (unregistered)

    Well it was a Unique ID. Unique to HP, of course. No other company generated that ID.

    (Cue both the Dilbert strip about the generation of a "random" number and the equivalent xkcd strip.)

  • (nodebb)

    Back in the 80's my company used computers from a vendor who generated the Ethernet MAC address by concatenating their OUI and the machine's serial number. However, serial numbers were only unique for a specific model of the computer. We ended up with two machines with the same serial number because they were different models, and this caused MAC address conflicts.

    Luckily it was possible to override the default MAC address, so I configured one of them with a manual MAC address that didn't conflict.

  • Worf (unregistered) in reply to Anon

    Back then, NV storage was expensive. NAND flash wasn't too common (and hard to drive), NOR flash was what you used, but painfully expensive and pitifully small. We put 16MB of NOR flash, which was enough for a basic Linux OS and about 4MB of user space free. If you used Windows CE or PocketPC (Windows Mobile), it was pretty much zero. Intel licensed a filesystem driver that let you use leftover flash as NV storage - it was free licensing if you used Intel's chips in your product. Not hard, since you either used an Intel StrongARM (or PXA) processor (now Marvell), or Intel StrataFlash NOR flash which were the devices with the most capacity on the market.

    If you wanted to use NAND flash, you needed a boot NOR flash so your chip could start up and write your own driver. Or you paid extra for something like DiskOnChip which let you boot from NAND. But still, it was relatively rare. Everyone was mindful of flash wear limits, after all.

    Anyhow, Windows CE/Mobile used RAM disks as they provided the functionality. The HP devices were supposed to have a backup battery that kept the RAM powered up and persistent.

  • Fnord (unregistered) in reply to Red Five

    "Shoot, the iPhone wasn't even Apple's first portable computing device. Newton MessagePad, anyone?"

    Or the Macintosh Portable, for sufficiently expansive definitions of portable.

  • AnonToo (unregistered) in reply to Anon

    Regarding non-volatile storage: That wasn't HP's or Compaq's idea. Windows Mobile 5 was the first edition of the OS to support persistent storage. Actually, some earlier iPaqs had flash memory, but that wasn't really integrated in the OS. You could store files there, but if you installed software to the flash memory the desktop icon (or equivalent) and other configuration stuff still got wiped.

    This was pretty common with early PDA's, PalmOS and Symbian also did everything in RAM.

  • Tinkle (unregistered)

    Hmm, sounds like relying on any ID generated by the phone is a little risky - IMEIs can be cloned etc.

    The ideal (haha - when does that ever happen?) way to deal with this is when the user logs in a UUID is generated, cryptographically signed, stored in a database and on the device, then you can verify what account that device belongs to. Presumable logging out would delete the UUID - a new one would be generated on next log in. You could also have multiple UUIDs per account if they could use multiple devices.

  • WTFGuy (unregistered) in reply to The Mole

    @The Mole: and somehow supply that guessed value into the innards of their proprietary app; it doesn't come from a user input textbox. I suppose a malicious user could somehow shim the OS's GetDeviceIMEI() call to deliver a fake value. Given that the IMEI is the very core of the whole telecom identity, that is (or at least should be) a pretty well-guarded pathway against spoofing.

    Nowadays when every client is a fully programmable browser we get used to the idea that any barely-technical user can spoof any credentials. 20 years ago both malware and malware writers weren't quite as skilled as they are today.

  • (nodebb) in reply to Fnord

    Like the Osbourne "luggable" portable computer? An XT computer, with 2 floppy drives, a 10 MB hard drive, a handle on top, 4 inch green monitor, covered by the keyboard, in one chassis, the size and weight of a suitcase stuffed for a 2-week vacation. It had no battery and had to be plugged into the wall to be used.

  • Ann on a Mouse (unregistered)

    Apple never claimed the iPhone was the first portable computing device. They HAVE made that claim about the Newton Messagepad (1993), and it's certainly true that the entire PDA market was based on the Newton, just like Android was based on the iPhone. But you can argue that they had portables before that.

    The Macintosh Portable started production in 1989, had a built-in keyboard, screen, and battery, but was too big to be a laptop. (But still: portable!)

    The Macintosh SE started production in 1987, and although it had no built-in keyboard, there were third-party custom-molded carts so you could take your computer with you to and from work.

    The Apple IIc in 1988 was explicitly designed to be "portable" in the sense of "you can carry it from location to location and just plug in a monitor". (To be clear: Apple doesn't claim that it was the first portable, and if they did there were other systems with built-in keyboards and no screen, like the Commodore 64, before that.)

  • markm (unregistered) in reply to Brian Boorman

    Maybe the locked room was not considered secure enough for the classification level. E.g., if there's a window, someone can break it and grab something.

    But most likely, the problem is that the room was used for many purposes, so people who did not have clearance for that particular project had keys to the room. When I worked on F-111D radar, my top secret clearance only gave me access to classified information about the F-111D radar. There were other items in the same safe that I could not read, and an NCO whose job was to open that safe and sign items in and out. And the room also contained bookshelves of unclassified documents, which covered about 80% of my job.

  • gnasher729 (unregistered) in reply to Fnord

    The original Macintosh was quite portable. I had a shoulder bag to carry it, and it spent many miles travelling with me on the bus.

  • gnasher729 (unregistered) in reply to gnasher729

    Original Macintosh was 1984, a few years before Macintosh SE. According to Wikipedia "The Osborne 1 is the first commercially successful portable microcomputer, released on April 3, 1981 by Osborne Computer Corporation". Which seams to imply it was NOT the first portable microcomputer, that there were earlier ones that just were not commercially successful.

  • Gene Wirchenko (unregistered) in reply to gnasher729

    I would call the Osborne a luggable.

  • Andrea Ci (google)

    And this still happens!

    Just buy random chinese android devices and you'll notice that many of them changes IMEI and MAC semi-randomly and the android id is the same on all their models!

  • WTFguy (unregistered)

    Here's IBM's first portable. From 1975, none of this sissie late 1980s stuff. https://en.wikipedia.org/wiki/IBM_5100

    I had one for evaluation for awhile.

  • Android (unregistered)

    Android based on iPhone?

    "The early intentions of the company were to develop an advanced operating system for digital cameras, and this was the basis of its pitch to investors in April 2004. The company then decided that the market for cameras was not large enough for its goals, and by five months later it had diverted its efforts and was pitching Android as a handset operating system that would rival Symbian and Microsoft Windows Mobile."

  • I can be a robot if you want me to be (unregistered)

    There's a WTF before the IDs - it's deciding to test a few days before the launch

  • Ann on a Mouse (unregistered) in reply to Android

    Just coincidentally, the decision to change Android from a static camera OS to a phone OS with apps happened at a meeting called by Schmidt, who was on the board of Apple (despite most of the rest of the board repeatedly telling Jobs that he had a massive and ineradicable conflict of interest), immediately after he returned from the Apple board meeting at which Jobs showed off the initial prototype of the iPhone, which had been a secret project the board had not heard about until that time. I'm sure it's a total coincidence, though, right? It's not like Google is some kind of evil, opportunistic entity. [Insert laughter here.]

Leave a comment on “When Unique Isn't Unique”

Log In or post as a guest

Replying to comment #:

« Return to Article